Data protection system

ABSTRACT

A method of manufacturing digital data storage medium comprising the steps of: segmenting copyright material in digital form into consecutive segments, allocating each segment to a sector of the storage medium, pre-determining the position of each sector on the storage medium and using an algorithm to derive a unique encryption key for each sector according to the logical block address corresponding to the start of each sector, encrypting each sector using its unique key, and writing the encrypted data sectors to the said storage medium.

BACKGROUND OF THE INVENTION

[0001] This invention concerns apparatus, methods and articles manufactured thereby for preventing theft of copyright material, particularly as recorded in digital form on carrier means such as optical disc media. In this description optical disc media is intended to include not only CDs, CD-ROMs and DVDs, but also similar media that may be read using electromagnetic radiation outside of the visible range; for example, infra-red, ultra-violet or X-rays.

[0002] The advent of recordable CDs (CD-R) has made it generally easy and inexpensive to make unauthorised copies of Audio CDs and CD-ROMs; for example by copying the entire contents of a audio CD to a computer hard disc and then writing this to a CD-R. The potential loss of revenue to recording companies from such activities is considerable, and indeed its impact has already been felt. Consequently, there has been much interest in techniques that prevent such unauthorised copying.

[0003] U.S. Pat. No. 5,513,260 (Ryan) and U.S. Pat. No. 5,659,613 (Copeland) disclose a method of placing an authenticating signature on a legitimate copy that cannot easily be detected, and hence transferred to an illicit copy. New CD players would need a subsystem that searched for such a signature and if the signature should be there, but was not found, refuse to play the disc.

[0004] US 20010054028 A1 (Kuroda) describes the addition of copy control information to copyright material, such that when an attempt is made to copy this material using reproduction and recording apparatus according to the invention such copying is prevented, if appropriate, on the basis of the copy control and information and also attribution information generated by the reproduction apparatus.

[0005] US 2002003880 A1 (Kato) discloses a system where a recording of copyright material is encrypted and also has a digital watermark which is read by apparatus according to the invention, thereby allowing the replay apparatus to obtain a disk key and so decrypt the material.

[0006] All of the above methods and systems suffer from the disadvantage that they do not prevent unauthorised copying of a CD and replay of that copy on most existing CD players; that is they require new players equipped with appropriate hardware.

[0007] US 20020001690 A1 (Selinfreund) discloses a method of manufacturing optical discs that includes areas on the disc with light-sensitive material. During the first pass of a conventional optical reader the digital information on such light sensitive areas is read correctly, but on a second pass the data is read differently due to the activation of the light sensitive material by the optical reader As most optical disc readers and players are pre-programmed to re-sample data areas to assure correct copying such discs will fail to copy correctly. While this method will work with many existing players, the inclusion of light sensitive areas at precise locations on the disc is expected to significantly increase disc production costs.

[0008] US 20010053979 A1 (Kori) describes an encryption protection system that encrypts copyright material, requiring the user to have the decrypting key, and also keeps a record of the number of copies made, so that a pre-determined limit can be placed on this. However, determined copyists can with sufficient effort break such a single or double key systems. Further, this system appears unsuitable for replaying discs in most currently available players.

SUMMARY OF THE INVENTION

[0009] An object of some aspects of the present invention is to provide improved methods of protecting copyright digital data recorded on a data storage medium, particularly optical discs such as CDs. It is a further object of some aspects of the invention to provide a method of producing optical discs that provide such improved protection. It is also an object of some aspects of the present invention to provide an optical disc with such improved protection. A further object of some aspects of the invention is to provide a system that is effective when used with most players and computers presently available.

DETAILED DESCRIPTION OF THE INVENTION

[0010] CD audio discs contain at least a first session formatted in compliance with the well known “Red Book”, also known as standard 908 of the International Electrotechnical Commission (IEC) entitled “Compact Disc Digital Audio System” (Geneva, Switzerland, 1987).

[0011] According to one aspect of the invention slight deviations from strict “Red Book” compliance are introduced into this first session to prevent most CD-ROM drives reading the data. Thus, the first session on the disc will normally contain audio tracks. In the lead in area of the disc, the Q-channel information contains the Table of Contents (TOC). Each audio track on the first session is described in the TOC including where the track is located on the disc and the type of track. In a conventional CD the tracks are described as audio tracks. In a disc according to the invention such audio tracks are described as data tracks in the TOC. A normal CD player does not reference this TOC but rather looks at Q-channel data in each sector within the session. This track area data is unaltered and conforms entirely to “Red Book” standard. Hence, such a disc will play normally in a standard “Red Book” audio CD player. However, when such a disc is read by a CD-ROM drive the drive will reference the TOC and will then recognise a discrepancy between the TOC data and that Q-channel data within each sector of the track. This contradiction normally results in an “illegal mode for this track”, that prevents the CD-ROM drive reading the track.

[0012] Specifically, the TOC describes the tracks in the audio session as data tracks, control=4 (0100 binary). Normally they would be described as audio tracks, control=0 (0000 binary) (see “Red Book”, p41).

[0013] No amendments are made to the well known Cross Interleave Reed-Solomon Code (CIRC) error protection data on the protected disc.

[0014] A further important aspect of the invention is the ability to play the optical disc on a computer. This is achieved by first compressing the audio tracks, then encrypting this data and recording this resulting data in a second session on to the optical disc, known as a data session.

[0015] For a CD this data is recorded in the following manner; the data is first split into logical block that will fit into a “Yellow Book” (IEC) standard CD sector (also known as a logical block). Each of these blocks is then encrypted using an encryption key derived from its logical block address (LBA) or position on the CD. The data resulting from this process is then written to the disc at this position (LBA) using conventional mastering and recording methods. This compressed audio data is not visible to the host computer under normal circumstances. The data is played on a personal computer, by including in this second session a “CD player application program” that is visible to the host computer. This player has built into it the ability to locate, decrypt and play the compressed and encrypted audio data.

[0016] To enable protected discs to be played on computers using operating systems such as Windows 95, 98, NT-4, 2000ME, 2000 Professional, 2000 Server, 2000 Server Professional, XP Home Edition, XP Professional, Linux 6.2 and higher, Apple Macintosh OS9 and higher, Sun Unix OS8; hereafter referred to as PCs, at least one further data session is included on the disc.

[0017] This further session is located after the first “Red Book” compliant session and conforms to the IEC “Yellow Book” standard and the IEC “Orange Book” standard for multi-sessions. This session contains the player application program and any associated files, which are visible to the computer operating system and also encrypted data files containing the audio tracks; these latter files not being visible to the computer operating system or playable, except by using the CD player application program provided on the disc.

[0018] Thus, when a protected disc is viewed by a PC file manager only the player application program and any files directly associated with the program will be visible.

[0019] Each sector on the disc normally contains 2048 bytes of consecutive encrypted digital data, each sector being encrypted with a different unlocking key. This block size is dictated by the “Yellow Book” standard, but in principle data may be encrypted using any convenient block size. Obviously using too large a block size is undesirable as it would result in less variation in the encryption, this should be avoided. The logical sector address (LBA) corresponding to the start of each audio track (LBA-tra) is known to the player application program this data being hidden within the player application program code or at a location on the disc known to the player application program, (hidden within the player code), if the data is located on the disc then the data will its self be encrypted, the information may also be spread over several consecutive or randomly addressed sectors. A particular audio track will normally comprise many thousand consecutive sectors on the disc. The audio data in each of these sectors will be encrypted with a different unlocking key. The player application program contains an algorithm for deriving this unique key from the LBA corresponding to the start of each sector (LBA_(sec)). The skilled person will realize that this algorithm may take a variety of forms, as long as it generates a unique key from the LBA, Thus, when a track is selected the player application program knows the LBA-tra, this is the same as LBA-sec for the first sector of the track and can derive the key from that LBA-sec to allow data from that first sector to be decrypted. Having read the first sector the player application program knows that the next sector starts at the (LBA-sec) consecutive to the last LBA of the first sector. Knowing LBA-sec the player application program can use the said algorithm to derive the new key and so decrypt data in the second sector. In this way the player application program can decrypt consecutive sectors, each time deriving a new key. This is referred to below as a dynamic key code system.

[0020] The dynamic key code system has a number of advantages over known systems. If an unauthorised copier discovers both the LBA-tra and the first key it only allows the first sector (block) of digital audio data to be recovered. The key to the next consecutive sector will normally be completely different. Further, if by some means the consecutive encrypted sectors corresponding to a audio track are copied, for example to a PC hard disc and the player application program is run and directed to the first sector, it will generate wrong keys for each sector because it would need to know original the LBA-sec of the copied material. The sectors occupied on the PC hard disc will almost certainly differ from those on the original disc. Hence, the copied material will not be decrypted by the player software.

[0021] Prior to segmentation and encryption of the audio data, this data is preferably compressed using an appropriate compression algorithm.

[0022] Preferably, a disc produced according to the invention contains hidden software that is activated when the PC operating system first accesses the storage medium; for example a CD, by reading the directory table of contents data, whereby a memory resident program, hereinafter called “the supervisory program” monitors access to the protected disc. When the disc is removed the supervisory program is removed from the memory of the PC. The supervisory program is also designed to monitor the activity of the disc, including disc speed, disc access type (digital or audio) and also ensures reliable playback of the disc content.

[0023] In order to be able to monitor the disc activity, the supervisory program must insert its self or part of its self into the operating systems driver chain. Also the supervisory program will be in communication with the player application program that is allowed to “Play” the disc. A driver chain is a computer operating system feature, where an application will communicate with the top part of the chain. This top part of the chain will communicate with the next layer down etc. Until finally the communication will reach, for example, the CD-ROM drive. Information from the CD-ROM drive will travel long the chain in the opposite direction. This mechanism is in place in the operating system in order to present to an application program, a standard way of communicating with a large variety of hardware devices.

[0024] The supervisory program inserts its self into this driver chain and can therefore monitor all communications from the application program to the CD-ROM drive. The supervisory program can, for example calculate the average data transfer rate, the type of read operation that is being attempted etc, it also has the ability to identify the disc that is the target of this communication and as a result allow normal operation on a disc that is not protected by the system.

[0025] If an operation that is not allowed is attempted then the supervisory program will simply not pass the communication on and will send a fictitious reply to the next higher part of the driver chain and therefore eventually to the application. It may for example chose to simply report an error to the application program or even supply blank or incorrect information. In this way any unauthorized access to a protected disc is blocked.

[0026] Storage medium according to the invention is only designed to be accessed in one way by a PC; that is using the player application program on the data session to read and decrypt data therein. If the disc is accessed in any other way the activity will be judged illegal and interventionary action will be taken by the supervisory program. Normally, the supervisory program will stop such activity and the disc will be ejected from the computer drive. This role of the supervisory program will not prevent the copying of an ordinary disc and will not interfere with the general performance and/or activities of the computer.

[0027] Thus, if an “illegal” activity such as the digital extraction of disc data to hard disk drive, is detected by the supervisory program that command will be blocked. Likewise, if the player application program is not open, or is closed by the user while the disc is still in the CD-ROM drive then an eject command is sent to the drive.

[0028] Access to the first session on the disc, by for example a CD copying utility, will not be allowed by the supervisory program which monitors the position of the read head and can thus identify if data other than session data is being accessed.

[0029] If in the unlikely event that a disk copying utility is able to read the first (audio) session of the disc, then the supervisory program will not permit the digital extraction command used by ASPI, ATAPI and other disk command control drivers to be used.

[0030] This method monitors the current average disc speed. If the average speed is outside given acceptable parameters then disc access is blocked. Speed monitoring is accomplished by the supervisory program.

[0031] When a disc is being played in a PC using the player software the average playback speed of the disc will be very low, since compressed data is being read at real time. Typically data is compressed at a ratio of about 10 to 1, i.e. ten times smaller than the un compressed data; normal playback of the original data would result in a disc speed of one, therefore the average disc speed when playing the compressed data over the same period of time will be about {fraction (1/10)} speed in this case.

[0032] Because the compressed data is read from the disc in blocks at a high speed (Burst speed), followed by a much longer period of inactivity, speed monitoring will need to measure the average disc speed. The burst speed could in fact be anything up to and including the maximum read speed of the disc, but for very short periods. So called “ripping software” typically will try to copy at the highest speed possible for a sustained period of time. If disc is moving at a high speed on average then access will be blocked (average speeds will need to be calculated over periods in the order of ten seconds). If player application program is not playing the disc then all access to the disc is blocked.

[0033] The present invention requires special software to control the disc mastering machine or alternatively a CD-R, CD-RW, DVD-R or DVD-RW disc drive. This will be referred to below as CD Production Software (or CDPS). The CDPS needs to pre-determine the LBA (LBA-tra and LBA-sec) of each sector of data corresponding to any data sessions on the disc. It then selects a particular algorithm and derives the unique encryption key for each sector. Following compression of the audio files and division of the digital data into consecutive segments of audio data, each of these segments is encrypted within a data sector. Thus, when the master disc is produced each sector of data in the data session or sessions, is uniquely encrypted and placed at the pre-determined LBA, so allowing the LBA-sec to be used by a player application program to decrypt and play that sector.

[0034] The system of the invention also allows the algorithm that derives a key from a LBA-tra or LBA-sec to be varied if desired for each master disc produced. Advantageously, routine variations in the algorithm used for manufacturing a given master disc can result in completely different keys being derived for a given LBA. The CDPS will modify the code of the player application program that is also placed on the disc so that it contains the correct algorithm; that is the algorithm used in the encryption step, thus allowing the player application program to decrypt the data session. 

We claim:
 1. A method of manufacturing an optical disc for storing digital data comprising the steps of: (a) segmenting copyright material in digital form into consecutive segments (b) allocating each segment to a sector of the disc (c) pre-determining the position of each sector on the disc and using an algorithm to derive a unique encryption key for each sector according to the logical block address corresponding to the start of each sector (d) encrypting each sector using its unique key, and (d) writing the encrypted data sectors to a disc.
 2. Recorded material on an optical disc comprising digital data segmented into consecutive sectors each containing encrypted data, the data in each sector being encrypted using a unique key, the unique key for each sector being dependent upon the logical block address on the disc corresponding to the start of each sector.
 3. Optical disc player software containing embedded within its code the logical block address on the disc of the first sector corresponding to a file or track, decryption software operated by a key and an algorithm for determining the unique key for each sector from the logical block address corresponding to the start of that sector.
 4. A method of reading encrypting digital data from a disc comprising the steps of (a) decrypting data in consecutive sectors each using a unique key (b) the unique key for each sector being dependent upon the logical block address on the disc corresponding to the start of that sector.
 5. A method of preventing a computer copying audio sessions on an optical disc including the steps of (a) describing the audio session as data tracks in the Table of Contents contained within the Q-channel information in the lead in area of the disc, (b) describing the audio session in the Q-channel data in each sector within the session as audio tracks.
 6. A method of monitoring whether a disc according to the invention is being accessed in an authorized way comprising the steps of (a) including software for a supervisory program on the said disc (b) activating this supervisory program when the computer operating system first accesses the disc, (b) insertion of all or part of the supervisory program into the operating systems driver chain that allows two way communication between an application program accessing the disc and the disc drive (d) using the supervisory program to monitor communications between the said application program and the disc drive.
 7. A method according to claim 6 comprising (e) describing an audio session as data tracks in the Table of Contents contained within the Q-channel information in the lead in area of the disc, (f) describing the audio session in the Q-channel data in each sector within the session as audio tracks.
 8. A method according to claim 6 wherein any application attempting to access data other than the data session or sessions on the disc will be judged illegal and blocked by the supervisory program.
 9. A method according to claim 6 wherein any program other than the player application program accessing the disc will be judged illegal and blocked by the supervisory program.
 10. A method according to claim 6 wherein the current average disc speed is monitored by the supervisory program and if this average speed does not fall within a range determined by the supervisory program blocking access of the application program to the disc by the supervisory program.
 11. A method according to claim 6 where access is blocked by the supervisory program not relaying the communication along the driver chain or relaying a fictitious communication.
 12. A method of manufacturing digital data storage medium comprising the steps of: (a) segmenting copyright material in digital form into consecutive segments (b) allocating each segment to a sector of the storage medium (c) pre-determining the position of each sector on the storage medium and using an algorithm to derive a unique encryption key for each sector according to the logical block address corresponding to the start of each sector (d) encrypting each sector using its unique key, and (d) writing the encrypted data sectors to the said storage medium.
 13. A method of reading encrypting digital data from a storage medium comprising the steps of (a) decrypting data in consecutive sectors each using a unique key (b) the unique key for each sector being dependent upon the logical block address on the storage medium corresponding to the start of that sector.
 14. A method of monitoring whether a storage medium according to the invention is being accessed in an authorized way comprising the steps of (a) including software for a supervisory program on the storage medium (b) activating this supervisory program when the computer operating system first accesses the storage medium, (b) insertion of all or part of the supervisory program into the operating systems driver chain that allows two way communication between an application program accessing the storage medium and a storage medium read/write unit (d) using the supervisory program to monitor communications between the said application program and the storage medium read/write unit. 